PRIVACY NOTICE
This privacy notice is issued by Konami Digital Entertainment Co., Ltd. (hereinafter referred to as "Konami”, “we”, “our”, or “us”), a company based at 1-11-1 Ginza, Chuo‐ku, Tokyo 104-0061 Japan.
This privacy notice describes how Konami will use your personal data in relation to your use of “KONAMI ID”, the authentication service provided by Konami.
This privacy notice also describes your rights to the protection of personal data, including the right to object to any processing of personal data that we carry out. More information about your rights and how to exercise them is set forth in the “Your rights and requests to Konami” section.
We may change, add to, or delete any part of this privacy notice from time to time. You can obtain the latest version of this privacy notice from our website [https://legal.konami.com/games/id/en/] and it will be made available via “My KONAMI” website [https://my.konami.net/].
1. Our use of your personal data
(a) KONAMI ID
(b) Konami Card Game Network
(c) Card Database
2. Our sharing of your personal data with other companies
3. How we protect your data in Japan and other countries outside the EU/UK
4. Your rights and requests to Konami
5. Our security for your personal data
6. How to contact Konami with questions
1. Our use of your personal data
We process your personal data in accordance with applicable European Union (“EU”) and United Kingdom (“UK”) laws, regulations, codes of conduct and guidance on data protection and privacy (“Data Protection Laws”), in particular:
- If you are in the EU, then we will comply with the General Data Protection Regulation (EU) 2016/679 ("GDPR"), the Privacy and Electronic Communications Directive 2002/58/EC (as amended) and related EU Member State laws and regulations.
- If you are in the UK, then we will comply with the Data Protection Act 2018, the UK GDPR (being the GDPR as retained in UK law after Brexit), the Privacy and Electronic Communications Regulations 2003 and related statutory Codes of Conduct including the Children’s Code.
Your personal data may be used in order to help us provide you with KONAMI ID and any related services.
Please note that where we refer in this privacy notice to:
- “personal data”, this means any information which relates to you as an identifiable individual; and
- the “EU”, this also includes the European Economic Area (“EEA”) Member States of Norway, Iceland and Liechtenstein.
(a) KONAMI ID
(i) Categories of personal data we collect for authentication service
Below are the categories of personal data that we collect to provide you KONAMI ID authentication service. Unless otherwise stated below, personal data in parenthesis are examples of the data we collect.
|
Purpose |
Categories of Personal Data |
Lawful Basis |
Retention Period |
|---|---|---|---|
|
To provide authentication service |
Customer data (e-mail address)
|
Legitimate Interest* |
- Period necessary to respond to legal obligations
|
|
For registration and recovery of your KONAMI ID |
Customer data (e-mail address, date of birth, gender)
|
*Legitimate Interest: this means our interest in operating our business to deliver high-quality products and services in the most convenient and secure way for you, as set out in more detail for each of the Purposes above. Where we rely on legitimate interests to process your personal data, we first consider how this may benefit, or pose risks, to you. We will only collect and use your personal data for our legitimate interests where we have made sure that there are no unacceptable negative risks to you, and you always have a right to object to our use of your personal data (see Section 4). To find out more, please contact us as explained in Section 6.
(ii) Categories of personal data we collect for other products and services
KONAMI ID’s role is not just an authentication service.
You may be asked to log-in to KONAMI ID in various occasions, such as, while you are playing games, or when you apply to participate in events.
We ask you to provide your information through your use of KONAMI ID (“Information”) and transfer it to other products and services, to centrally manage your Information. That way, you will not have to provide us the same Information over and over.
Below are the categories of personal data that we collect for KONAMI ID to provide Information to other products and services (collectively, “Products”), and the purposes for which each such Products use such Information. Unless otherwise stated below, personal data in parenthesis are examples of the data we collect.
Since KONAMI ID is centrally managing the Information, retention period within KONAMI ID is the same as explained in Section 1(a)(i). However, please be noted that each Products will retain the Information for a different period after it receives such Information, details of which will be separately explained in the privacy notices for each such Products.
|
Purpose |
Categories of Personal Data |
Lawful Basis |
|---|---|---|
|
To provide you Products
|
Customer data (e-mail address)
|
Legitimate interest |
|
For operations necessary for the events held either online or offline that you participate in (“Event”)
|
Customer data (address, date of birth, name, phone number)
|
|
|
To send you tangible items, such as the things you have purchased, won, or earned |
Customer data (address, name, phone number) |
|
|
To improve the quality of, or newly develop, the Products |
Customer data (e-mail address, phone number, date of birth, gender)
|
|
|
Upon your separate consent, to promote Products and events, such as, by sending you promotional e-mail and by serving ads using third-party ad services (“Promotion”)** |
Customer data (e-mail address)
|
Consent*** |
** For this purpose, we may provide your personal data explained above to third-party ad services such as those provided by Google, Facebook and Twitter (collectively, “Ad Service”). In this case, Ad Service may profile you to effectively serve our ads to users that are expected to be interested in our Products. However, we will be sure to ask for your explicit consent before providing your Information to Ad Service, especially if it involves profiling. See the footnote below for more information on consent.
*** Consent: this means we use your personal data where we have obtained your clear, specific and freely given consent. To rely on your consent, we have to provide you with enough information in advance to make up your mind on whether you are happy for us to use your personal data for the purpose we have explained. We also have made sure that you have actively provided your consent to us (we cannot assume or infer your consent) and that we have a record of it.
(iii) Categories of personal data we collect to appropriately handle children’s personal data
Konami has implemented parental control features in KONAMI ID to appropriately handle children’s personal data. This will also help parents and legal guardians of the children manage their children’s online activities.
For more about KONAMI ID’s parental control features, visit here: https://my.konami.net/faq/child.html
The categories of personal data that we collect is the same as explained in Section 1(a)(i) and (ii), however, the following information will be required when you use parental control features.
A. To register and use KONAMI ID that can manage KONAMI ID for your child
Name, date of birth, address, phone number, country of residence, e-mail address, profile name, KONAMI ID, password, and language
B. To register and use KONAMI ID for your child
Date of birth, profile name, KONAMI ID, and password
(b) Konami Card Game Network
Below are categories of personal data that we collect when you use, "KONAMI CARD GAME NETWORK".
|
Purpose |
Types of Personal Data |
Lawful Basis |
|---|---|---|
|
To provide the services |
IP address, cookie information Check-in Store log (e.g. Card Game ID, longitude/latitude of device, Check-in Store) Prize Drawing/Winning log (e.g. Card Game ID, Prize Drawing Store, Drawing date and time, Winning date and time, Content of the Prize you won) Home Store, Favourite Store |
Legitimate interest |
|
To run the card game event |
User Account Information (e.g. Card Game ID, Country, Nickname, Initial Password, Month and Year of Birth, KONAMI ID) The latest penalty date, Date and time of the Tournament you booked from a website but not participated, Duelist Level, Status of the link to KONAMI ID Tournament entry history (e.g. Card Game ID, Participated Tournament (Tournament number) Booked Tournament, Ranking, Obtained points, Number of won game, Number of lost game, Number of draw game) |
Legitimate interest |
|
To specify the user |
User Account Information (e.g. Card Game ID, Country, Nickname, Initial Password, Month and Year of Birth, KONAMI ID) |
Legitimate interest |
|
To improve the service quality |
Server log (e.g. Access time, Session ID, IP address, device information, Browser information, Processing time, Access URL, Link source URL, Status Code, longitude/ latitude of device) cookie information |
Legitimate interest |
|
To prevent the unauthorised use |
Tournament rule breach data |
Legitimate interest |
(c) Card Database
Below are categories of personal data that we collect when you use, "Yu-Gi-Oh! TRADING CARD GAME - CARD DATABASE".
|
Purpose |
Types of Personal Data |
Lawful Basis |
|---|---|---|
|
To provide the services |
IP address, cookie information Deck information (e.g. Card Game ID, Deck identification information, Card information, Deck name) Card you own (e.g. Card Game ID, Card information) Card you want (e.g. Card Game ID, Card information) Card you vote (e.g. Card Game ID, Card information)Your favorite Deck (e.g. Card Game ID, Deck identification information) |
Legitimate interest |
|
To specify the user |
User Account Information (e.g. Card Game ID) |
Legitimate interest |
|
To improve the service quality |
Server access log (e.g. Access time, Session ID, IP address, Device information, Browser information, Processing time, Access URL, Link source URL, Status Code) |
Legitimate interest |
2. Our sharing of your personal data with other companies
We share personal data with other companies, including in order to ensure the quality of KONAMI ID services so that we are able to provide you with the experience you expect from us and can enjoy, as well as to protect our business interests. Occasionally, situations may arise where we need to share your personal data with other types of organisations. We explain below our sharing of your personal data, and please contact us using the details in Section 6 if you have specific questions.
(a) Sharing with our group companies
We share personal data with other companies in the Konami group (“Konami Group”) where necessary to provide you with KONAMI ID services (including customer support) and to improve them.
We will ensure that any Konami Group companies that receive your personal data will only use it as permitted by Data Protection Laws and for the purposes set out in this privacy notice and (where applicable) the privacy notices of the relevant Konami Group companies.
A list of all of our Konami Group companies is available athttps://www.konami.com/corporate/en/subsidiaries/.
(b) Sharing with service providers
We also share personal data with service providers outside the Konami Group where necessary to provide you with KONAMI ID services, for example companies which provide us with cloud servers to store KONAMI ID related data, including Information. Whenever we share your personal data with service providers, we will protect it to the standard required by Data Protection Laws by undertaking checks on the service provider before using them and controlling their use of your personal data in a legally binding contract. Below are the categories of third parties with which we share personal data.
|
Category |
Location |
|---|---|
|
Processor – Service providers (cloud service) |
Japan, US |
|
Processor – Service providers (e-mail delivery service) |
Japan, US |
(c) Sharing with companies providing advertising services
If you consent to our collection of your personal data for the purpose of Promotion (as explained in Section 1(a)(ii)), we will disclose your personal data to companies providing advertising services. All such companies locate in the United States.
(d) Sharing with other entities
We may also share your personal data with other entities not specified above (i) in the event of a restructuring, sale or merger of the Konami business or company which provides you with KONAMI ID services or (ii) if it is requested by judicial, administrative, or other public authorities (including authorities outside your district of residence).
In every case, we will only share your personal data to the minimum extent necessary for the specified purpose and we shall ensure that appropriate safeguards are in place to ensure the security and confidentiality of your personal data in accordance with Data Protection Laws.
3. How we protect your data in Japan and other countries outside the EU/UK
Konami is a Japanese company and the personal data we collect from you is stored in secure data centres operated by the Konami Group and by its service providers in Japan and in other countries including the United States, and we apply strict security measures to protect your personal data, as explained in Section 5.
The Data Protection Laws of Japan have been approved by the EU and by the UK as providing the same high standards of protection as the Data Protection Laws of the EU and UK. Where we transfer your personal data to our service providers in countries other than Japan which are not in the EU or UK, then we will comply with the strict requirements imposed on us by the Data Protection Laws of the EU, UK and Japan to ensure that your personal data remains protected to the same high standards.
Details of the safeguards we have put in place can be obtained by contacting us as explained in Section 6.
4. Your rights and requests to Konami
(a) Your rights and how to exercise them
You have the following rights that you can exercise with Konami.
- Access to personal data: You have the right to obtain from us confirmation as to whether or not personal data that concerns you are being processed, and where that is the case, access to the personal data and certain related information. As there are some limitations to this right, sometimes we will not be able to provide you with all of the information you request.
- Correction or erasure of personal data: In some circumstances, you have the right to require Konami to correct inaccurate personal data that concerns you without undue delay and to complete any incomplete personal data. You may also have the right to require Konami to erase the personal data that concerns you without undue delay, when certain legal conditions apply.
- Restriction on processing of personal data: You may have the right to require Konami to restrict the processing of personal data, when certain legal conditions apply.
- Portability of personal data: You may ask us to transfer your personal data to another organisation, or to you, in a systematic format available for general use, so that the data may be shared with another company, when certain legal conditions apply.
- Objection to processing of personal data: You may have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you, when certain legal conditions apply. This right applies where our lawful basis for using your personal data is ‘legitimate interests’ (see Section 1). If we receive a request from you objecting to our use of your personal data, then in general we must stop using it. We may continue to use it only if we have a strong reason to do so and our continued use does not create an unacceptable risk to you. If your objection is to direct marketing, then we must always stop.
- Not to be subject to automated decision-making: You may have the right not to have your personal data used to make decisions about you based on profiling or other forms of automated processing which could affect you legally or in any other similarly significant way, when certain conditions apply We will never use your personal data for such purposes.
- Withdrawing your consent: Where our lawful basis for using your personal data is consent, then you always have the right to change your mind and withdraw your consent.
You can exercise these rights by contacting us using the details in Section 6 below. Please note the following points:
- Response time: We try to respond to all personal data requests within one month. Occasionally it may take us longer than a month, if your request is particularly complex or you have made a number of requests. As explained above, please note that there are exceptions to your rights and some situations where they do not apply.
- Additional information: We may need to ask for additional information from you to help us confirm your identity. This is a security measure to ensure that personal data is not given to any person who has no right to receive it. We may also contact you to ask you to clarify your request.
- Usually no fee: You will not normally have to pay to access your personal data or to exercise any of your other rights. In some circumstances, however, we may charge a reasonable fee if we consider that you are making requests which are especially unreasonable. For example, if you make an unreasonably large number of requests or request an unreasonably large amount of information. Alternatively, we may refuse to comply with your request in these circumstances.
(b) Your right to complain to a Supervisory Authority
We value our relationship with you and want to ensure that you are comfortable with how we use your personal data to provide you with KONAMI ID services. If you feel that we have failed to look after your personal data properly, or have misused it, then we would always encourage you to contact us first as we will do our best to resolve the issues for you. You can contact us using the details in Section 6.
Alternatively, you have the right to make a complaint to a ‘Supervisory Authority’ (the government regulator for data protection) about our use of your personal data:
- If you are in the EU, you can find the Supervisory Authority for your country and how to contact them here: https://edpb.europa.eu/about-edpb/board/members_en
- If you are in the UK, the Supervisory Authority is the Information Commissioner’s Office, who you can contact here: https://ico.org.uk/make-a-complaint/your-personal-information-concerns/
5. Our security for your personal data
(a) How we keep your data secure
Keeping your personal data safe and secure is our priority.
As required by Data Protection Laws, we have put in place appropriate ‘technical’ and ‘organisational’ security measures to prevent breaches of your personal data:
- Our ‘technical’measures for protecting your personal data include ensuring that the data centres in Japan which Konami operates have very strict physical controls for who can access your personal data, strong protections against threats such as cyber-attacks, viruses and power-cuts, and are regularly backed up. When we use third party services for data storage, we ensure that they also use appropriate technical security measures.
- Our ‘organisational’ measures for protecting your personal data include managing carefully the staff who can access your data. For example, we always make sure that our staff agree to ‘confidentiality obligations’ (meaning they promise to keep your personal data secret) in our employment contracts with them and we train our staff on the importance of protecting your personal data and our obligations under Data Protection Laws.
(b) What we do if there is a personal data breach
Personal data breaches can include a wide range of incidents which affect the confidentiality, integrity or availability of your personal data. Some breaches result from accidents, others from unlawful actions.
We recognise that security breaches involving your data could cause you distress, financial damage or other harm. We have therefore put in place reporting procedures to respond quickly to any suspected personal data breach and to ensure that our staff are trained on these procedures. Where a personal data breach poses a potentially significant risk to you, then we will notify you and any relevant data protection authority of a personal data breach in situations where Data Protection Laws require us to do so, so that you can take appropriate steps to protect yourself from the breach.
6. How to contact Konami with questions
There are several ways in which you can contact us with any questions about our use of your personal data, or to exercise your rights under Data Protection Laws. These are explained below:
- Contact us: You can exercise your rights by contacting us at: privacynotice@faq.konami.com
- Contact our Data Protection Officer: We have appointed a Data Protection Officer (DPO), who has overall responsibility for looking after the Konami Group’s compliance with Data Protection Laws. You can contact our DPO by emailing them at: dpo-team@konami.com
- Contact our EU Representative: If you are in the EU and would prefer to contact our local EU representative, you can do so by emailing the French Branch of Konami Digital Entertainment B.V. at rep-gdpr@konami.info
- Contact our UK Representative: If you are in the UK and would prefer to contact our local UK representative, you can do so by emailing the UK Branch of Konami Digital Entertainment B.V. at rep-gdpr@konami.info